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ABOUT THE HANDBOOK 


Information & Communication Technology has become an integral part of our day to day 
lite. It has changed the way we connect with friends, find jobs, find matches for marrying, 
run businesses, play games, do shopping and so on. With the cheap availability of 
broadband and smartphones, almost everyone has access to the cyber space, connecting 
virtually to millions of online users across the globe. Increasing use of cyber space has also 
made us vulnerable to cybercrime threats. A minor lapse/negligence in managing our digital 
life can open the doors for cybercrimes and hence can lead to financial loss, damage to 
reputation, harassment etc. So, we must be vigilant and careful while connecting digitally to 
the outside world whether for financial transactions, social networking, playing games or 
searching things on the internet etc. 


The information provided in this handbook is intended to create awareness among citizens 
about various cyber threats that can impact them and provide some tips to safeguard 
themselves against cybercrimes. 


The initial part of the booklet depicts the different types of cybercrimes being reported these 
days, categorized as per their modus operandi. For cybercrime of each modus operandi, we 
have given its brief description in the box at the top. Below that, 1s a pictorial representation 
of how cyber criminals commit that particular cybercrime on the victim. We have tried to 
keep it simple so that even a common man can understand it. At the bottom of the page are 
the tips/possible ways by which one can avoid the particular cybercrime/fraud. 


There might be certain overlapping tricks found in the various types of cybercrimes 
explained in the handbook. Still they have been discussed separately because cyber 
criminals apply some common tricks with very subtle differences because of which many 
people become victims. 


As it is not possible to cover all the different modus operandi in a small handbook, hence, 
we have provided general tips for ensuring oneG safety in cyber space towards the end of 
the booklet. People, who do not have time to read each modus operandi in detail, are 
advised to at least go through these general tips and follow them to prevent themselves from 
becoming a victim of cybercrime. 
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CVV/OTP SHARING FRAUD 









Cyber criminals posing themselves as bank /RBI officials call people and tell them that 
their ATM card has been blocked or their KYC (Know Your Customer) is not updated 
or their Aadhaar is not linked to their bank account & hence their account will be 
blocked. Then on the pretext of updating the KYC/linking bank account to Aadhaar or 
for resuming the services of ATM card/activation of new ATM card asks for details 
related to victim@ bank account like ATM card number, CVV number, OTP etc. After 
these details are shared by victim, money is siphoned off from the victimG@ bank 
account. 


Ow the pretext of 
KYC/Aadhaar update 
or actiwatiow of new 
ATM card, fraudstery 
ask for ATM card 
vunber E& OTP 


Victim sharexy ATM card 
no- Victim sharey CVV no 





Fraudstery coll Victiw 





OTP SMS 


amazon 
paytm (Ea oon 


maz 





Fraudstery tramsfer the money to e- 


wallet or UPI accounts or do shopping ween 7. 
ee ecew 
ow hix mobile 


> Remember bank never asks for card number/CVV number/OTP. 
> Never share the ATM card number, CVV, OTP or any other confidential banking 
credentials with anyone over a phone call/SMS/WhatsApp. 


> E-mail should not be shared as this may lead to activation of Internet banking by 
cyber criminals, leading to siphoning off of oneG@ money. 













UPI PHISHING FRAUD 


On the pretext of helping in banking related issues, fraudsters ask victims to forward an 
alphanumeric link to a particular number (depending upon the bank associated with the 











victim) from their registered mobile number. Once it is done, cyber criminals install the 
UPI wallet of the victim (using W1-Fi) bypassing the SIM binding process onto their own 
mobile phone, thus gaining access to the victim bank accounts linked to the registered 
mobile number. 









Yr Fraudstery coll people ow the Victiw sharey link & - Le 
~ pretext of updating OTP — 
KYC/Aadhaar & link hiy 
account to UPI by comincingy 
him to share the 
audstk accesy 
alphamumeric link & OTP tow i eg , 
sesheiat anna the UPI wallet which iy 
; linked to victtw x bank 
to the bank of the victinv account. Fraudstery set 
MPIN also- 





Victim duped of money iwhiy bank vict s account ay their 
account until he gety hix account blocked oww 


> Never share any OTP or link to any number given by someone calling oneself as 
bank /RBI officials. 
> People calling to customer care number of airlines/e-commerce entities obtained 


from Google search for rescheduling flights/getting refunds etc. have become 


victims of such frauds following their instructions. Never do that. 
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FRAUD BY REQUEST MONEY QR CODE/LINK ON GOOGLE 
PAY/PHONEPE/PAYTM 





Cyber fraudsters send debit links or QR codes to victims to scan and receive money in 
their bank accounts through Google Pay/PhonePe/Paytm. But instead of receiving money, 
it actually gets debited from the victimG account as fraudsters actually send a request 


money QR code/link. 





http://8629a7fl .ngrok.io 


OR 





: ; = 2000.00 
Fraudster cally the vendory mena TN eae 





ay can eploener or mobile number & receivey 
businessmow & requesty for ENCE AOS 
Goople Pay or PhonePe eae 
fa ae neneimanial The QR code ix tampered with 
pO NG PO) to make it look like aw if it 
for debit 


Your SB.A/c e*seese~ 00628 is 
debited for Rs. 5000 on 10-02-2017 
by ATM. Avbl Bal Rs:22.1 





Instead of recieving money, Victim ignores the text message 
victim endy up paying to the received ow the registered phone 
froudster vir request money QR number with one’y bank account 
code or link 


> Never accept/click on any link or scan any QR code from unverified sources as 


they may send you a manipulated one. 


> For receiving money, there is no need to enter MPIN or UPI PIN. 
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FRAUD USING GOOGLE DOCS APP 


Apps for online forms like Google Docs etc. are widely used to collect data. Fraudsters take 
advantage of such applications and misguide the victim to fill or submit his/her confidential 
bank related data like ATM number, UPI PIN, password etc. As soon as they fill up the 
form and submit their data, it 1s directly transferred to the creator of the form. 










Google Form 


Online Payment Refund 


Enter Name 








CANCEL = COPY 


Cyber criminally send w 
link for Google Docs form. 
They mislead you by 
writing it is for money 
refund 


Enter UPI Code 


Cyber criminals misgquide the victtw to- 
related data like ATM number, UPI PIN, 
passwordy etc. 





Cyber fraudster thew siphowy off 
money frow the victim’y bank 
account using the credentialy 


As soow ay the victim submity 
the form, confidential data ix 
received by the cyber fraudster 


> You are advised to never share confidential banking details in online forms like 
Google Docs. 


> Bank never asks their customers to fill such forms. 
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FRAUD USING OLX/E-COMMERCE PLATFORMS 














Cyber fraudster uses the e-commerce platforms like Olx/Quikr/Facebook for giving fake 
advertisements to sell commodity at lucrative prices. When someone intends to buy, cyber 
fraudster asks for advance payment in the form of packaging/transportation/registration 
charges etc. Buyer pays the money believing him/her to be a real seller and the fraudster 
disappears with the money. Frauds are also committed by cyber criminals posing 
themselves as buyers to real sellers. In this modus operandi, cyber criminals get the 
sellerG account debited on the pretext of paying advance money by sending request 
money link/QR code instead of the credit link/QR code. 








Army/para-military force Cyber criminally contact these  Fraudstery then we 
personnel upload personnel & get their id the id proof & other 
commodity (vehicle/fridge proof, canteen smout card documents of 
(mobile phone etc.) to- be and other documenty ow the army/para-military 
sold ow Olw pretext of buying the force persommel ay 
(Quikr/Facebook etc. advertised itew their oww & post fake, 
adw for sale ow Olw 
(Quikr/Facebook etc. 
Ow the pretext of v 
GST/transportatiow 
charge/packaging Buyer seeing attractive 
charge/vegistratiow charge <u price himself contacty the 
/other adwances, fraudster fraudster assuming hinw 
keeps duping the victiw of ay ormy/pora- military 
his/her money until the force personnel 
victim realizes the fraud 


> Never pay advance money without seeing the article physically and meeting the 
seller in person. 

> For receiving any type of payment via link or QR code, there is no need to enter 
MPIN or UPI PIN. 


> Always remember entering MPIN or UPI PIN is required only for paying money. 










FRAUD THROUGH FAKE CASHBACK OFFERS 





Fraudsters lure victims by offering cashback offers from PhonePe/Google Pay etc. and 
request the victims to click on a request money link or scan a QR code to avail the same. 
Once the link is clicked or QR code is scanned, money is debited from the victimG bank 
account instead of being credited as he enters MPIN or UPI PIN. Link can be of type 
http://8629a7f1.ngrok.io or SMS 1533c608933b85f448a7428b4365a042ae6 







a Wee Wr NODC 
A ~ AM YOUR OE es: is 
/ \ CO OFFICE PH S238 nee \ 
Lr] ) (ALERT!) Your TD online (rab - 
” account have been NOW KYC has tn 
i d ed t | k wilt arene in Paytm wane’ 
L suspen , to unlock your wage 205 caaneacy let you 
—- | . * TO get ca ‘Our 
bs account please click here : a A BCK Click hore 
~./ A http:// Soro “O/Paytm 
= tdcanadatrustwallet.com/ 
td OR 





: a 
Text Messaqe 


Today, 11 
Hallo, ASDA is giving away £250 Free 


Fraudstery ure vicltimy Voueher to cebebrte GET anniversary, 

, Your K.Y.C has been updated go here to get it: http 1/wwwy.esda.com 

by offer UWA coshback successfully, you will get 1205 may eapel Soy ats Meas Foe HTT 
cashback in your wallet, To get @ % 9 © 

offers cashback click here Link 


http://8629a7f1.ngrok.io 
OR 


= 2OOO.O0O 
Fraudstery 
editing the QR 
code by writing 
“payment 
a A LV’, (cq 


receive’ etc. 


Victimy dowt 
pay attenttow to- 
what ix writtew 
here 





Instead of receiving money, victiww 

himself/herself pays to- the fraudster 

vie a request money link or QR code 
after entering MPIN/UPI PIN 


> Never forward /click on any suspicious link from unverified sources. 
> Remember the thumb rule: You need to enter MPIN or UPI PIN only for debiting 


money from your account; it is never required for receiving money. 











FRAUD USING SCREEN SHARING APPS 





Cyber fraudsters on the pretext of aiding or citing the policy of a company guide the 
victim to install screen sharing apps like Quick Support/TeamViewer/AnyDesk etc. and 






thus get control of the victimG phone, thereby getting access to banking credentials like 





OTP/MPIN/username/password for internet banking etc. The fraudster then siphons off 






money from the victimG account using those credentials. By the time the victim realizes 





it, a lot of money is already siphoned off. 



















AnyDesk 
People contact fake (Ey) 
eee ae ele, => e TN cl | P 2 > 
from Goople search engine OR 
Vict shares the, Fraudster gety 
code with the, accesy to the victim’ y 
QUE SAPP OU fraudster phone & stealy 
banking credentioly 
Fraudster, posing ay ov v 
customer care operator, asky 
the victim to install any of Fraudster transtery 
the above screen sharing money to his 
apps and share the code to account without 
alow victim’ sy screew Accesy the need of 
to-help him sharing the OTP by 
the victiw 


> Never install any screen sharing app when asked to do so over a phone call by 
customer care/help desk representative of any entity. 


> Banks/E-commerce entities etc. never ask to install third party application for 


screen sharing. 
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SIM CARD SWAPPING FRAUD 





It is a type of identity theft where cyber criminals manage to get a new SIM card issued 
for your registered mobile number through the Telecom Service Provider. With the help 
of the new SIM card, fraudsters get OTP & other confidential details required for 
financial transaction from your bank account. 





gs @ ) 
Cyber criminally — Cyber criminally call the | LENO Victim forwards the SIM 
getablankSIM victim pretending as their fraud, cyber no. from hiy mobile phone 


card frow customer care executive of criuminoly provide, considering the fraudster 





retailer, who- i a TSP, to initiate 4G SIM one SIM no: & ask the Oy Jemuiine customer core 
also a gang "890 only victim to send that operator of the TSP 
ue pucivenanernuae SIM no: throug SMS 
servicey of their SIM will a ne y 
gee : vuunber to- avail the 
serVicey 
SIM Card 
Swapping Ki 
> | 
LS oe <Ga 
= The TSP. closes the servicey of 
Now, the cyber criminal ix able to accesy WV the victim’y old SIM and issuey the 
bank account detaily linked to- the victtww y victun’y mobile number to the 


mobile number and withdraws the money blaniSIM cov. 


> Never share any information related to your account and SIM over a phone call. 
The 20-digit SIM number mentioned on the back of the SIM is a very sensitive 
data. 


> If your mobile number is inactive/out of range for a few hours, enquire from your 


mobile operator immediately. 
> Register for regular SMS as well as e-mail alerts for your banking transactions 


(this way, even if your SIM is de-activated, you shall continue to receive the alerts 
via your email). 










FRAUD USING FAKE SOCIAL MEDIA ACCOUNT 





Fraudsters target accounts on popular social media platforms like Facebook and 
Instagram. They commit fraud by creating a similar fake account of the target profile and 
requesting his/her friends for instant money transfer citing some medical emergency etc. 
Target profileG friends transfer the money considering him/her as his/her friend. By the 
time the target profile comes to know of it, many of his friends become victims of the 
fraud. Similar fraud is also committed by hacking the target account. 














A similar profile Original Fake Facebook Sends request to- those 

of target social Facebook profile created who- are w the friend list 

media account profile using the same, of the impersonated 

ix created by w display picture account 

fraudster 4 
pee : : Sabnrot 
If anyone sendy money Imposter contacts those ww the friend List of 
without verifying frow impersonated account via Messenger & thew requesty 
one x friend, he/she for money ow the pretext of some medical emergency. 
becomes a victim of the He provides PhonePe/Google Pay/Paytw account or w 
fraud bank account for making payment 


Keep the privacy setting as MMy friendsO only. 
Before transferring the money requested via Facebook, WhatsApp or other social 
media account, verify the authenticity of the message by meeting the concerned 


person or calling him. 
Turn on 2-step verification for all your social media accounts. 
Keep your password strong and maintain the privacy of the password. 
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SEXTORTION ON FACEBOOK 








Live video chat is done on Facebook via Messenger by cyber criminals posing as female. 
Cyber criminals convince the victim for video call in compromising positions, following 
which fraudsters take screenshots of the same or do screen recording of the video call. 
Cyber criminals then threaten the victim to circulate the photographs/videos in 
compromising positions on various online platforms, if the demanded money is not paid. 





Cyber Shia Many a times cyber After several chats, cyber 
sendy friend criminwly adwise the crupmimal cowinceys the victiww 
request ov victim to- download to- come for video calling 
Facebook based severav typex of video- 
ow the videos chat applicationy 
and posts liked 
Dy Yow Cyber criminw sttarty 
blackmailing victim & extorty 
money or else threatens to- 
upload naked photo ow porw 


websites, YouTube etc. 


<< 


Cyber crimina seduces the victim to- 
go naked and thew saves the 
screenshot or screew recording of 
ongoing video ca iw which the 
victiww iy rude, 





> Avoid friendship with unknown people on social media platforms. 
> Never make video calls to unknown people on Facebook or any other social media 


platform. 










CATFISHING 






Cyber criminals make friendship with the victim over social media platforms like 
Facebook, WhatsApp etc. pretending to be a very rich foreign national. They usually 






play emotional card 1.e., family issues, loneliness etc. and instill a belief in the victim 






that the fraudster is really going through an emotional crisis. After developing some 






rapport, they send photographs of the gifts which they say they intend to send as a token 
of friendship. They later tell the victim that the gift is detained at airport by customs 







officer and requests money for the release of the gift. The victim pays the money to the 






fake customs officer, who is also a member of that cyber criminal gang. 





Fraudstery tel the potent 
victw that he/she hay sent w 
gift worth milliovy of 
rupees/pounds/dollars/euroy 
and request for accepting the 
gt 





Fraudstery look for aw appropriate profile 
of a persow who caw be a target & contact 
him/her using fake Facebook/email 
account claiming to be a foreignw national 
undergoing emotional crisiy 


= 





Another gang member Ppa ery Peony cloen inaahe: 
Victim fally into the trap, sendy posing as customs officer gift iv detained by a customy 
money to the fraudsters oly to thew contacts the victiww officer for want of clearance 
get nothing ond asky to pay money if for aw expensive gift 
the gift ix to be released 


> Be careful while accepting friend requests from strangers on social media platforms. 
Check how many friends the userG profile has. An average Facebook profile has 
around 300 friends. Catfishing profiles often have significantly fewer friends. 
Do not share personal details with strangers over social media platforms. 
Social media sites offer privacy settings for you to control who can view your posts, 
photos, etc. or send you requests. 


Restrict access to your profile by keeping the privacy setting as Mfriends onlyO. 


Always remember | NMNo stranger/social media friend will give you expensive gifts 
for free. 








HARASSMENT THROUGH 
FAKE SOCIAL MEDIA PROFILES 





Cyber criminals morph the photographs of the victim which they get from social media 
and upload it on social media platforms. After that they demand money to remove the 
morphed pictures from social media. Victim falls prey to the trap and transfers the 
money. 





Victim usually accepty all the Because of poor privacy settings of the 
friend requesty without knowing victiy account, everyone hay access to- 
media platforms which cyber criminally 


take adwantage of 








Cyber criminals download photography and 
create a fake account impersonating the 
victem and upload the morphed obscene 

photographs etc. harassing the victw 


> Social media sites offer privacy settings to manage who can view your posts, 
photos, or send you friend request etc. Restrict access to your profile. 

> Ensure your personal information, photos and videos are accessible only to your 
friends. 

> Refrain from making friendship with unknown persons over social media 


platforms. 










CYBER BULLYING ON SOCIAL MEDIA 





Cyber bullying is bullying with the use of digital technologies. It can take place on social 
media, messaging platforms, gaming platforms etc. It is a sort of repeated behaviour, aimed 






at scaring, angering or shaming those who are targeted. Examples include: spreading lies 






about or posting embarrassing photos of someone on social media, sending hurtful 






messages or threats via messaging platforms, impersonating someone and sending mean 






messages to others on his/her behalf. 





Perpetrators of cyber bullying Perpetrators of cyber bullying create w 


(usually knoww to the victim) fake account either iw the name of the 

get the personwl photography victim or wrandom nome & post 

and detaily of the victim fromw several memes and videos making fu 
variouy social mediw sites of the victim, which goes viral 


Learn about the privacy settings of the social media apps being used by you. 
Ensure your personal information, photos and videos are accessible only to your 
trusted ones. 

Think twice before posting or sharing anything online | it may stay online forever 
and could be used to harm you later. 

Make your children aware that cyber bullying is a punishable crime so that neither 
do they indulge in cyber bullying nor do they let anyone bully them. 

Report hurtful comments, messages and photos and request to the concerned 


Social Media Platforms to remove them. Besides QinfriendingQ you can 


completely block people to stop them from seeing your profile or contacting you. 










CYBER STALKING 


Cyber stalking is online stalking. It involves the repeated use of the internet or other 










electronic means to harass, intimidate or frighten a person or group. Common 
characteristics of cyber stalking may include false accusations or posting derogatory 
statements, monitoring someoneG online activity or physical location. Cyber stalkers 
may use email, instant messages, phone calls, and other communication modes to stalk 
you. Cyber stalking can take the form of sexual harassment, inappropriate contact or an 
unwelcome attention in your life and your familyG activities. 





Victim usey check in feature of Stalker keeps a watch ow the 
sociol media to- inform one’ ¥ posty of the victiww 
friends and followers about his/her 
whereabouty (locations, places) 
and also- about one’s future plany 
ow sociol media platformy 





Stalker takes advantage of 
the future whereabouts of 
the victim and imtimidatey 
or frightens him/her whew 
the opportunity ix ripe 





> Be careful while uploading your personal information, photos and videos on 
social media. Ensure that these are accessible only to your trusted ones. 
> Never add unknown people to your friend list. 


> Review all the privacy and security settings of social media and restrict them to 
Mmy friends only@ 
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ATM/DEBIT CARD CLONING FRAUD 






Each ATM/debit card has a magnetic strip in it containing confidential data. Cyber 






criminals use a skimmer machine to read this strip and capture the confidential data related 






to the card. Then they copy the data onto a blank card, which is used for fraudulent 






transactions. They use overlay devices/pin-hole camera/ spy camera or peep from behind 
in the queue to read ATM/Debit card PIN while it 1s being entered by the user on the ATM 
keypad/POS machines. 





Data of ATM card skimmed Cyber criminally rewrite the Withdraws money using 
while withdrawing money ATM card datwowablank ATM Cloned card and peeped 
frowalM kiosk & Cyber card, thuy cloning. Nowadays; PIN from for off ATM 
Criminn stealing the PIN by they are also cloning kiosks 
peeping from behind ATM/debit card data by 
guessing the card munber & 
PIN 


Enter the PIN yourself taking due care to hide the PIN (as 1n image 1). 

Check for hidden cameras/skimmer devices while withdrawing cash (as in image 
2). 

Physically check the keypad to ensure it does not have an overlay device. 


Do not allow anyone to stand beside or behind you while carrying out transaction 
with ATM/Debit card/Credit card. 
Do not keep a PIN which can be guessed easily. Keep changing your PIN. 


Ensure you get transaction receipt or confirmation through SMS. 
Ensure that any part of the ATM machine is open or loosely attached. 





a 
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EDITED GOOGLE CUSTOMER CARE NUMBER FRAUD 






Cyber fraudsters edit the customer care number of banks/airlines/food outlets/e- 
commerce entities etc. on Google page and customize it in such a manner that whenever 
someone searches on Google for the customer care number, the edited number of cyber 
criminals appears on top of the search results for that entity. Victim ends up calling the 
fraudsters instead of the real helpline numbers. The fraudsters portraying themselves as 
helpers actually give instructions to dupe the caller victim. 








@ ASHOK NAG: a 
Sit & = 


mH iy 
n@ Main Req ° eae” Theatres 
{ = AUT ld 
Pemonall Office s Suggest an edit 3 
& Lonotw 


State Bank of India | 
aoe ae on , Change name or other details 

3A eer & 22 Goods teiews Edit name, location, hours, etc 

Public sector bank in Chennai, Tamil Nad 


Address: TNHB Complex, 1 H ing Board Shopping Complex, Y Remove this place 


Jawaharlal Nehru Road, Ashok Nagar, Chennai, Tamil Nadu 600083 ; : 
Mark as closed, non-existent or duplicate 


Pe Seas 


Hours: Closed - Opens 10:25AM Tue ~ 
Phone: 044 2489 2148 





Suggest an edit - Own this business? 


Fraudstery take, 
benefit of “Suggest aw 
edit” optiow on the 
Gage Cae. means 





Fraudstery feed their oww 
number ag the bank's helpline 
number. People call on the 
genuine & get defrauded by 
folowing their structions 





' 
£ 
¥ 
tt 





> Always search for customer care number from the official website of the 
banks/airlines/food or retail outlets/other e-commerce entity and not by searching 
the entity name on Google search. 


> Toll free number for any bank is given on back/flip side of debit/credit card. Call 
on the given numbers only. 
> Always remember that Google does not give verified information on searches. 









RANSOMWARE ATTACKS 








Ransomware is a category of malicious software which, when run, disables the 
functionality of a computer in some way. The ransomware program displays a message 
that demands payment to restore functionality. The malware, in effect, holds the computer 
system to ransom. In other words, ransomware is an extortion racket. Ransomware 
typically spreads through phishing emails or by unknowingly visiting an infected website. 





Once the infected file iy opened, 


ber criminally send email to- the 
coe ot ~ victim's system gety locked and all 


victi comtaiminyy suspiciouy ; 
attachment or phishing links. Victinw ples get encrypted Alert message 


Fait sled ecu hanenbinal ow computer screen demands 
ransow to be paid to unlock the 
opens the fille 


screew or encrypted data 


Do not open emails from unknown sources containing suspicious attachment or 
phishing links. 

Keep your antivirus up-to-date and windows firewall turned on and properly 
configured. 

Back up your most important files on a regular basis. Keep the important data on a 
separate hard disk. 


Have proper spam filters enabled in your e-mail account. 











JUICE JACKING 


Juice jacking is a kind of cyber fraud where data is copied from a smart phone, tablet or 
other electronic devices using a USB charging port that is actually used for both data 
connection and charging. The victim believes it to be a charging port only. 


Victtw 





Hacker usey the same charging point to teal 
datw through USB port using data cable 


sed This type of 
Lectin ¥ stealing of data 
konto praia from the victim’ y 
charging port at a a a 
public place’ Juice Jacking 





> Disable data transfer on your phone while charging. 
> Switch off your device before charging in public places. 
> Carry your own portable power pack/bank. 


> Can buy a data disabled charging cable. 











LOTTERY FRAUD/NIGERIAN FRAUD 





Cyber fraudsters send e-mails/SMSs informing the recipient (victim) that he/she has won 
a lottery/prize worth millions of rupees/dollars and the recipient only needs to click on 
the link sent on their e-mail/mobile phone or to tell how they want to receive the prize 
money. However, on responding positively, the recipient is asked to pay money in the 
name of registration/shipment/service charges, GST etc. one after the other for releasing 
the prize money. This way the recipient keeps on paying the fraudsters until he/she 
realizes the fraud. The fraudsters were initially mainly from Nigeria and hence the 
terminology. 













Fraudstery give If the victim replies positively, On telling the mode of 
informatiow through fraudsters thew ask how they receiving, they then ask 
email/SMS/caw to- the would like to receive the prize _— for registration/shipment 
victim about the prize money [service charges, GST etc. 

money wow by them for releasing the prize 
through lottery money 


The persow (victim) fally into- 
the trap and sends the money 
to the fraudster one by one 
until he/she realizes the fraud 





> Never respond to calls/SMSs/e-mails related to winning a lottery/prize or seeking 
personal or financial details. 
> Have proper spam filters in your email account to stop receiving unsolicited 


emails. 
> Follow the thumb rule: Never transfer funds to unknown persons or entities in 
promise of higher returns/winning prizes or lottery. 










ONLINE JOB FRAUD 











Cyber criminals advertise fake job offers using various platforms either online via fake 
websites. Victim, in search of a job, goes through these fake job offers and contacts the 
cyber criminal. Upon contacting cyber criminals, victim is asked to pay registration fee 
or make an advance payment (which they claim is refundable) to avail their services for 
getting a job. Victim transfers the money and follows the guidelines of the fraudster for 
getting a job and falls prey to the cyber crime. In some cases, a fake website phishes 
financial data through a fake payment channel. 


(@) Add Debit/Credit/ATM Card 


Name on card x 


Card number 








OR 
ExpiryMM v Expiry ~ 
: Y¥YYY 

People share their data Cyber criminally contact Tech-sowvy cyber 
ow different websites or victimy using these data and criminally create fake 
social media platformy wv the none of providing w websites to- steal financial 

iw search of joby good job; they demand money detaily through fake 

charge, etc. while never 
intending to provide w jot 





Victim endy up 


losing/paying money for w 
Jol which didwt exist 


> To avoid such frauds, it is necessary to submit your application to a registered 
website only. 


> Do not make any advance payments for getting a job. 





COMPUTER OR DEVICE HACKING 





Hacking is the act of gaining access to a computer/device without legal authorisation. 
Cyber criminal uses various methods for hacking a victim@® computer/device such as 
infecting a computer/device by a virus or malware. Hacking may lead to data 
corruption/deletion or data loss or stealing of data. 





Victim downloads the attachment or appy 
from aw un-trusted website after which hiy 
/her computer/device gety infected with the 
form of attractive viruy 

adwvertisementy 








Vict hay not installed any antwiruy into-hix syttew 
and ignored the standard security features. Vict ¥ 
system starty working slowly and later he losey his 
personwl photos, videos and other unportant 
documenty 


Computers/laptops should have a firewall and antivirus installed, enabled and 
updated with latest versions. 

Never download or install pirated software, applications etc. on your computer, 
laptops or hand- held devices. 


Always scan external devices for viruses, while connecting to the computer. 
Be careful while browsing through a public Wi-Fi and avoid logging in to personal 


and professional accounts while using public Wi-Fi systems. 
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MOBILE APPLICATIONS FRAUD 






Mobile applications may be mediums of cyber-attacks, stealing of confidential data or 
mode of getting access to the controls of your phone/device. People download mobile 






applications from unknown sources ignoring security warnings. These applications may 






have viruses which pass sensitive information or give control of your phone/device to 






some outside agent, who gets access to your contacts, passwords, financial data etc. 






Several mobile applications from unknown sources ask for unnecessary permissions for 






access to your phone/device, which one grants without due diligence. Thus, these mobile 






applications can access a huge amount of personal information, photographs etc. from 






your phone/device. 








Victim, whabitual user of Cyber criminals take advantage of 
certain mobile applicatiow this and attack the victim’ y device by 
downloads the mobile infiltrating into it using the, 
application ignoring security application. They infect the 
warnings and/or granty application with malicious software 
unnecessary permissions to the, and get accesy to the victim’y 
application, which ix not messages, cameras, contacts, photoy 
required wv the functioning of etc. for malicious activitiey 
the app 


> Always install applications from trusted sources like for Android devices, use 
Google Play, for Apple devices use App Store. Please ensure that the app is 
having Play Protect shield. 
It is also important to read reviews about the app. If it has a negative review, read 
more to see if anybody noted any security concerns like bugs or unencrypted 
passwords. 


Update your software and mobile applications on a regular basis so that you don@ 


miss on important security patches. 

Be careful while granting app permissions like a document scanning app does not 
require permission to access your location, call logs etc. Sometimes applications 
are filled with spyware and other types of malware. 





CYBER SAFETY TIPS FOR CHILDREN 


DO’s 





Whew you feel 
uncomfortable with any SM 
post/mail/chatting, 
immediately share your 
concerw with your parenty 
or avy trustworthy persow 


Real life etiquettey 
and mamnersy apply 
equally to- the virtual, 
space 


Aways add persons 
whow you know iw real 
life & with the 
permissiow of your 
parewnty 








DON’Ts 


such ay Facebook, 
Ivustagram, Blogs, 
Twitter, chat-roomy 
Dow? sigw up for sitex Do not respond to- 
that require w certaiw indecent/offending/ 
age criteriw for harassing emails/ 


Never agree to- meet 
aw owline friend 
unlesy and until 
yow do- s0- under 

your 
parents/quardiaw ¥ 
guidance and 


supervisiow 








Yuh 






CYBER SAFETY TIPS FOR PARENTS 


DO’s 





Make sure that your CR NE of 
childrew understand your child ow Facebook, 
that they wil not get WhatsApp etc. especially 
into trouble if they tell if yow notice w sudden 
yow about their problem 


Explain it to- your 
child that all social 

networking profiley 
must be set to private 


Keep computer iw aw > K\ 
wmappropriate content 


oper arew. Make a rule 
that doors are alwayy about your child, please 
left oper whew kidy are contact the nearest PS at 





the earliest 


Tell your children to- 


site that makes thew 


online 


feel uncomfortable or 
worried 








DON’Ts 


Dowt allow your child to- 
have SM accounts if there 
same, 


Do not replace physical 
parental supervisiow of 
computer use at home, 
with any safe search 
engine or any other 
tool 











CYBER SAFETY TIPS FOR WOMEN 


DO’s 





Be selective about what 
informatiow you make, 
public. Sensitwe 
informatiow includey 
real name, date of birth, 
gender, town, e-mail 
address, school nome, 
place of work, and 


Ow social medio 
accounty keep your 
pracy settings to the 
from sendery who are 
vot iw your contact 
list 


Use strony passwords 
and use different 
passwords for 
different accounty 


Contact the nearest PS 
control who caw view ee ic 
ony your prwacy/safety has 

been compromised 
online. Yow caw also- 
report your problemy 
online at 

https://cybercrime. gov.in or 
https://jots.jhpolice.gov.in 








Dowt share your password 


with anyone or let anybody 
ese handle your account 


Dowt accept “friend 


vequesty’ frow people 
totally unknown to yow 
and from those with 
whow yow dowt want to- 
interact with 


Dow share any OTP or 
other passwords, ever with 
friendy 


DON’Ts 


Never, try to meet w 
persow with whow 
youw ve interacted only 
online without taking 
somebody else along 
and such meetingy 


links sent over Facebook 
messenger or other 
they are sent frow your 
friend» account 





Dowt trade personal 
informatiow for 
“Fr I 7 , Jd 


Dow post personal 


Dowt accept a friend 
request owly ow the basi 
that the persow ix w 
mutual friend of w 
friend of youry 








GENERAL CYBER SAFETY TIPS 





For Device/Computer Security 


Keep your antivirus and operating system updated at all times. 

Backup your sensitive/important data at regular intervals. 

Be careful while opening suspicious web links/URLs. 

Always scan external storage devices (e.g. USB) for viruses, while connecting to your device. 

To prevent unauthorized access to your device, consider activating your wireless router's MAC 
address filter to allow authorized devices only. 

Wireless router can screen the MAC addresses of all devices connected to it, and users can set their 
wireless network to accept connections only from devices with MAC addresses recognized by the 
router. 

Secure all your wireless access points with a strong password. Hackers usually scan for open access 
points and may misuse it to carry out unwanted activities. Log records may make you more vulnerable 
for such misuse. 

Merely deleting sensitive material is not sufficient, as it does not actually remove the data from your 
device. Wile Shredder SoftwareOshould be used to delete sensitive files on computers. 

Delete unwanted files or data from your computer device. It prevents unauthorized access to such data 
by others. 

Use GNon-Administrator Account6 privileges for login to the computer and avoid accessing with 
OAdministratorOprivileges for day-to-day usage of computers. 

Make sure to install reputed mobile anti-virus protection to protect your mobile from prevalent cyber 
threats and also keep it updated. 

In case of loss or theft of your mobile device, immediately get your SIM deactivated and change 
passwords of all your accounts, which were configured on that mobile. 

Do not leave your phone unattended in public places and refrain from sharing your phone password/ 
pattern lock with anybody. 

Always enable a password on the home screen to restrict unauthorized access to your mobile phone. 
Configure your device to automatically lock beyond a particular duration. 

Always lock your computer before leaving your workplace to prevent unauthorized access. A user can 
lock one@ computer by pressing trl +Alt + Del6and choosing G.ock this Computer6or NWindow 
button+ LO, 

Remove unnecessary programs or services from computer which are not required for day to day 
operation. 


For Safe Internet Browsing 


Beware of various fraudulent lucrative advertisements regarding discount coupons, cashback and 
festival coupons offering payments through UPI apps popping up while browsing. 

Some URL links on the internet are advertising to provide fake mobile Oximeter apps to check your 
oxygen level. Do not download such fake Oximeter apps on your mobile, as these apps may steal your 
personal or biometric data from your mobile phone. 








Avoid using third-party extensions, plug-ins or add-ons for your web browser as it may track your 

activity and steal your personal details. 

e Always browse/Vvisit the original website for purchasing. 

e Always type the information in online forms and not use the auto-fill option on web-browser to fill 
online forms as these forms may store your personal information such as card number, CVV number, 
bank account number etc. 

e Be careful about the name of a website. A malicious website may look identical to a legitimate one, 
but the name may use variation in spelling or a different domain (eg.,[dot]com, [dot]net etc.) 

e In general all the government websites have [dot]gov[dot]in or [dot]nic[dot]in ending. 

e Avoid clicking ‘Keep me logged in' or ‘Remember me' options on websites, especially on public 
computers. 

e Beware of fraudulent charity activities or non-existent charitable organizations having names identical 
to government charity funds, requesting money for victims, products or research. Always check the 
credentials of charity organizations before donation. 

e Never allow the browser to store your username/password, especially if you use a shared computer 
device. Also make it a habit of clearing history from the browser after each use session to protect your 
privacy. 

e Be cautious with tiny or shortened URLs (it appears like http://tiny.cc/balj5y). Don@ click on it as it 
may take you to a malware infected website. 

e Prior to registering on a job search portal, check the privacy policy of the website to know the type of 
information collected from the user and how it will be processed by the website. 

e Many social networking sites prompt to download a third-party application that lets you access more 
pages. Do not download unverified third-party applications without ascertaining its safety. 

e Beware of e-commerce websites and advertisements selling items at highly discounted prices. 


For safe Internet Banking 


e Always use virtual keyboard for accessing net banking facility and log off from banking portal/website 
after completion of online transaction. Also ensure deletion of browsing history from web browser 
(internet explorer, chrome etc.) after completion of online banking activity. 

e Use multiple factor authentications for login into your bank accounts. 

e Avoid writing down or storing in mobile phones the information used to access digital wallets/bank 
accounts. 

e One should not use the same password for internet banking of all accounts. 

e One should not keep the same mobile number registered for all bank accounts. 

e Always enable getting notification of transactions from the banks via both SMS & e-mail. 

e Login and view your bank account activity regularly to make sure that there are no unapproved 
transactions. Report discrepancies, if any, to your bank immediately. 

e [tis preferable to have two separate e-mail accounts, one for communicating with people and another 
for your financial transactions. 








For E-wallet Security 


Enable password/PIN on your mobile phones, tablets & other devices that you use. 

While doing transactions using your e-wallet, you should never save the details of your debit or credit 
cards. 

Use multiple factor authentication for logging into your e-wallets. 

Avoid writing down information used to access the digital wallets in mobile phones. 

Install e-wallet accounts from sources you trust. Do not install e-wallet apps via links shared over e- 
mail, SMS or social media. Always verify and install authentic e-wallet apps directly from the app 
store (Google/ iOS store) on your smart phone. Please check if the app is having the fPlay Protecto 
shield. 


For E-mail Account Security 


Never keep the same password for all your e-mail accounts. 

Use secure network connections. 

Avoid the use of public Wi-Fi networks. More secure Wi-Fi connections require passwords & are 
easily identified as AWPA or WPA20. Highly insecure Wi-Fi is open for anyone to connect to & may 
be labelled as a MWEPO (Wired Equivalent Privacy). 

Don't click on the links provided in suspicious e-mails even if they look genuine as this may lead you 
to malicious websites and this may be an attempt to defraud your hard earned money. 


For Identity Proof Card’s Security 


Never leave the discarded photo copy of your identity proof card at shops. 

Never allow the shopkeeper to keep a copy of your identity proof card in their computer. 

Never share your identity proof cards to unknown persons on social media platforms including 
WhatsApp. 

Never share your property papers or other personal information on social media platforms. 


For Password Security 


Keep a strong password of at least 13 characters with alphanumeric, special character, upper case & 
lower case combination. 

Keep two factor authentication for all your accounts. 

If you suspect that any of your account has been hacked, immediately change the password and 
contact the nearest Police Station. 
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HOW TO MAKE A COMPLAINT TO POLICE 





You can lodge a complaint at the nearest Police Station or , if specifically notified, the Cyber Police Station in 
your district. Cyber crimes can also be registered online at _ https://cybercrime.gov.in or 


https://jofs.jhpolice.gov.in 


For proper investigation, please handover the following to the Police Station Officer along with the complaint 
or as soon as possible after the complaint. 


For Facebook or other Social Media Account related complaints 


e Ifa fake Facebook or Instagram account has been created then take a screenshot of the fake profile 
along with the URL or mention the URL of the profile in the application. 
e Attach self-attested identity card along with the complaint copy. 


For Financial Frauds 


e Self-attested passbook/credit card transaction statement copy should be submitted, highlighting the 
fraudulent transactions along with bank account number, debit card/credit card number & registered 
mobile number with the bank account or credit card. 

e Screenshot of text messages of fraudulent transactions received on the registered mobile phone 
number should be preserved and attached with the complaint copy. 

e Screenshot of any suspicious link or OTP received for fraudulent transactions should also be preserved 
and attached with the complaint copy. 


For Fake Website related Frauds 


e Screenshot of the fake website along with the URL of the website should be taken and submitted along 
with the complaint copy. 
e Self-attested copy of fraudulent transactions, if any, should be attached with complaint copy. 


APPEAL 


Please help us in fighting cybercrime by being aware and not falling into the traps laid by cyber criminals. 
Also, please report all attempted cyber frauds. It will help us in nabbing the cyber criminals and bringing them 
to justice before they can defraud someone else. These can be reported at https://cybercrime.gov.in or 


https://jofs.jhpolice.gov.in . 


